The rising fears around the raging pandemic are providing fertile ground for ill-intentioned hackers. There have been several such alerts in the last few weeks. Extra caution is advisable when running into software that purports to offer solutions to the epidemic. The latest example is a "tracker" app that locks your phone as soon as you install it.
One particular fake tracker is circulating these days. It carries a piece of Android malware that trades on the name of the most talked-about virus in the world. What it does is known as a "screen-lock attack", a technique that has been used several times in Android ransomware. The unlucky victims find that the password to unlock their phone has been changed. A ransom note pops up, decorated with an Anonymous-style cartoon and the following text: “YOUR PHONE IS ENCRYPTED: YOU HAVE 48 HOURS TO PAY 100$ IN BITCOIN OR EVERYTHING WILL BE ERASED”.
After you survive the first shock, you can read the following:
- What will be deleted? Your contacts, your pictures and videos; all social media accounts will be leaked publicly and the phone memory will be completely erased.
- How to save it? You need a decryption code that will disarm the app and unlock your data back as it was before.
- How to get the decryption code? You need to send the 100$ in bitcoin to the address below, click the button below to see the code.
The lock screen contains a final threat: “NOTE: YOUR GPS IS WATCHED AND YOUR LOCATION IS KNOWN, IF YOU TRY ANYTHING STUPID YOUR PHONE WILL BE AUTOMATICALLY ERASED”. The whole creation is signed “Web Designius”.
Android Nougat (7.0) introduced protection against this type of attack: an app with device-admin rights can no longer replace a lock-screen password that is already set. The protection therefore only helps if you had a password or PIN set before installing the app. Tarik Saleh, senior security engineer and malware researcher at DomainTools, says that his research team has reverse engineered the decryption keys and will be sure to post the key publicly. “The team also has the BTC wallet and is monitoring its transactions. Further technical details will be released soon”.
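The article does not say how the app changes the PIN, but on Android the only supported way for a third-party app to do that is DevicePolicyManager.resetPassword(), which requires the app to be enabled as a device administrator, and a ransom note drawn over everything else usually needs the SYSTEM_ALERT_WINDOW permission. The following triage script, added here as an example and not taken from the article or from DomainTools, looks for exactly that pairing in a decoded AndroidManifest.xml. The sample manifests and the package/receiver names in them are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # prefix for android:* attributes in ElementTree

# Heuristic signals of an Android screen locker (assumed indicators, not
# taken from the article): a device-admin receiver, needed to call
# resetPassword(), plus the permission to draw the ransom note over other apps.
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"


def screen_locker_signals(manifest_xml):
    """Report which screen-locker indicators a decoded AndroidManifest.xml carries."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}

    admin_receivers = []
    for receiver in root.iter("receiver"):
        # A real DeviceAdminReceiver is protected by BIND_DEVICE_ADMIN and
        # listens for DEVICE_ADMIN_ENABLED; both together are the tell.
        if receiver.get(A + "permission") != DEVICE_ADMIN_PERMISSION:
            continue
        actions = {a.get(A + "name") for a in receiver.iter("action")}
        if DEVICE_ADMIN_ACTION in actions:
            admin_receivers.append(receiver.get(A + "name"))

    overlay = OVERLAY_PERMISSION in requested
    return {
        "device_admin_receivers": admin_receivers,
        "overlay_permission": overlay,
        # Device admin alone is legitimate for MDM apps; combined with an
        # overlay permission in a "tracker" it deserves a manual look.
        "suspicious": bool(admin_receivers) and overlay,
    }


# Constructed sample (not the real app): a "tracker" that registers a
# device-admin receiver and asks to draw over other apps.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Tracker">
    <receiver android:name=".LockAdmin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed benign sample: a map app that only needs network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.outbreakmap">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Outbreak Map"/>
</manifest>
"""

if __name__ == "__main__":
    print("sample:", screen_locker_signals(SAMPLE_MANIFEST))
    print("benign:", screen_locker_signals(BENIGN_MANIFEST))
```

An APK ships its manifest as binary XML, so run it through a decoder first (for instance `apktool d app.apk`, which writes a plain-text AndroidManifest.xml) and feed that file to the function. A hit is a reason to look closer, not a verdict: legitimate device-management apps also register device-admin receivers.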
Why does a company like DomainTools need a malware research team?
Saleh explains that cybercriminals regularly “exploit people when they are at their most vulnerable. They use dramatic events that cause people to be emotional or fearful to drive their profits. Any time there are major news cycles happening on a topic that stirs a strong reaction, cybercriminals will not be far behind”. This is why the team was on alert: the present pandemic is no different. As was to be expected, shortly after the first cases were confirmed and media attention was rising, DomainTools’ researchers observed a minor uptick in domain names connected to the name of the virus and of the illness.
As the epidemic progressed, these registrations increased significantly. Many of them are scams.
This is why DomainTools’ security research team has been continuously monitoring these suspicious domains. At a certain point they located one specific domain containing the virus name that claimed to offer a real-time outbreak tracker via an app download.
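A first pass over a feed of new registrations can be automated. The script below is an added example of that kind of watch, not DomainTools' tooling: it folds case, separators and common digit-for-letter substitutions before matching, so that a name like "c0ronavirus-tracker" is not missed. The watch terms and the sample feed are constructed for the example; the article only says the registrations referenced the virus and the illness.

```python
# Keyword stems to watch for in new registrations (assumed list).
WATCH_TERMS = ("coronavirus", "corona", "covid", "ncov", "pandemic")

# Digit-for-letter substitutions registrants use to dodge naive filters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s"})


def normalize_name(domain):
    """Lower-case the name, drop the TLD, fold leetspeak and separators."""
    labels = domain.lower().strip().rstrip(".").split(".")
    # Keep everything left of the last label; good enough for a keyword watch,
    # a real feed would use the public-suffix list to find the registrable part.
    name = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    return name.translate(LEET).replace("-", "").replace("_", "")


def matching_terms(domain):
    """Return the watch terms found in the normalized domain name."""
    name = normalize_name(domain)
    return [term for term in WATCH_TERMS if term in name]


def triage(new_domains, allowlist=frozenset()):
    """Return (domain, matched terms) for each registration worth a look."""
    hits = []
    for domain in new_domains:
        if domain.lower() in allowlist:  # known-good names, e.g. health bodies
            continue
        terms = matching_terms(domain)
        if terms:
            hits.append((domain, terms))
    return hits


# Constructed sample feed (not real registrations).
SAMPLE_FEED = [
    "c0ronavirus-tracker-app.com",
    "covid19-live-map.net",
    "coffee-shop-berlin.de",
    "who.int",
    "n-c-o-v-update.info",
    "pandemic-relief-fund.org",
]

if __name__ == "__main__":
    for domain, terms in triage(SAMPLE_FEED):
        print(f"{domain:32s} matched {terms}")
```

A match only means the name is worth a closer look: whether the domain hosts a scam, a download like the one described here, or a legitimate information site still has to be checked by a person.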
The alert went out and one more online threat was exposed. Until next time: be careful and check your sources well.